[Secure-testing-commits] r29666 - data/CVE
Kurt Roeckx
kroeckx at moszumanska.debian.org
Sun Oct 26 13:34:03 UTC 2014
Author: kroeckx
Date: 2014-10-26 13:34:03 +0000 (Sun, 26 Oct 2014)
New Revision: 29666
Modified:
data/CVE/list
Log:
CVE-2011-3389/BEAST: add all libraries that support SSL 3.0 and TLS 1.0
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-26 13:23:48 UTC (rev 29665)
+++ data/CVE/list 2014-10-26 13:34:03 UTC (rev 29666)
@@ -11402,6 +11402,7 @@
- netsurf <unfixed> (unimportant)
- nginx <unfixed>
- nss <unfixed>
+ - ocaml-ssl <unfixed>
- ocsigenserver <unfixed>
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
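Review bot: the added "- ocaml-ssl <unfixed>" in this hunk (around line 11402) sits in an entry whose CVE header is not visible here, roughly 51,000 lines away from the CVE-2011-3389 block changed in the next hunk, while the log message names only CVE-2011-3389/BEAST. If this line belongs to a different CVE entry, name that CVE in the log or commit it separately so the change to that entry can be found in the history.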
@@ -62710,6 +62711,21 @@
- python3.2 3.2.3~rc1-1
NOTE: http://bugs.python.org/issue13885
NOTE: python3.1 is fixed starting 3.1.5
+ - cyassl <unfixed>
+ - gnutls26 <unfixed>
+ - guntls28 <unfixed>
+ NOTE: guntls recommends to use TLS 1.1 or 1.2. There doesn't seem to be a fix for TLS 1.0.
+ - haskell-tls <unfixed>
+ - ocaml-ssl <unfixed>
+ NOTE: ocaml-tls (not in Debian) does seem to have fixed this.
+ - matrixssl
+ NOTE: matrixssl fix this upstream in 3.2.2
+ - bouncycastle <unfixed>
+ - nss 3.13.1.with.ckbi.1.88-1
+ - polarssl <unfixed>
+ - tlslite <unfixed>
+ NOTE: tlslite fixed this upstream in 0.3.9.x
+ - tomcatjss <unfixed>
CVE-2011-3388 (Opera before 11.51 allows remote attackers to cause an insecure site ...)
NOT-FOR-US: Opera
CVE-2011-3387 (The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote ...)
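Review bot: "- guntls28 <unfixed>" and the NOTE under it spell the package "guntls", while the line just above uses gnutls26; this should read gnutls28 (and "gnutls recommends ...") so the entry matches a package of that name. In the same hunk, "- matrixssl" carries neither a version nor <unfixed>, unlike every other added entry, although its NOTE gives an upstream fix in 3.2.2, so the status should be stated explicitly. tlslite is marked <unfixed> while its NOTE says upstream fixed it in 0.3.9.x, so it is worth confirming that marking is intended. The new entries are also not in alphabetical order, unlike the list in the first hunk.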